Comment Spam Checking via Akismet

September 18, 2014

Heads up! This blog post hasn't been updated in over 2 years. CodePen is an ever changing place, so if this post references features, you're probably better off checking the docs. Get in touch with support if you have further questions.

In the last few months we've had a couple of comment spammers come through so we decided to do the work needed to fight it. Email verification should catch a bunch of them, but we're doing even more now.

We're now running all comments (for Pens and Posts) through Akismet, the spam-checking service from Automattic. It's a little tricky though...

Considerations

Three main ones:

We don't want to burden you with anything

We rather not make it busywork for us either

We need some kind of system to approve/delete, in which to save false-positives from extinction.

How It Works

So with those considerations in mind, this is how it works:

When anybody leaves a comment, it gets sent through Akismet and is determined to be spam or not spam.

If it's spam, nobody can see that comment except you, the owner of the Pen or Post it appears on. You may approve or deny it via buttons right on the comment in the thread.

If it's not spam, it appears normally.

Here's what a spam comment in a thread on your content looks like:

Notifications

If you have email notifications for comments enabled, you'll only get a new comment email if:

If the comment is not spam.

If the comment was marked as spam, but was then approved.

Activity

You will see a new comment in your Recent Activity section, even if it's spam. Only you can see this anyway, and might be useful for seeing when a new spam comment is left (as we've chosen not to email you about that, to prevent being annoying and burdensome).

Time Buffer

One little exception here: if the person leaving the comment has been a member for a while (we won't say exactly how long as to not encourage spammers), comments are exempt from the spam checking.